Dvmap: An Android Malware with Code Injection

Recently, Kaspersky Lab found an Android malware that has the capacity to inject malicious code into the Android system.

Recent times have been tough for Android: last week, Android was a target for malvertising, and now a Trojan horse is on the move, infecting and taking control of devices through Android's native app store, Google Play.

Dvmap Trojan Android Malware

Dvmap, an Android trojan, was found by the cybersecurity researchers at Kaspersky Lab and is the first malware to be found with code injection built into it.

Back in May 2017, the malware creators uploaded a clean Android application named "colour block" to Google Play so as to pass security checks, and later updated the application with malicious code to infect the devices that had already downloaded the clean version. The app was updated like this at least 5 times between 18 April and 15 May.

Dvmap Colour Block Malware

According to Kaspersky Lab, the Trojan uses special techniques to gain root access on infected devices and also affects the system libraries of Android devices running on both 32-bit and 64-bit architectures.

Kaspersky Lab reported in their blog that "Dvmap is the first Android malware that injects malicious code into the system libraries in runtime, and it has been downloaded from the Google Play Store more than 50,000 times."

After Kaspersky Lab reported the malware to Google, it was removed from the Play Store.

The researchers at Kaspersky learned that the Trojan uses new techniques to get root access and that its main purpose is to get into the system and execute downloaded files with root rights.

The lab added that a trojan with 64-bit support is rare. Upon further study, they learned that the Trojan has a command-and-control channel through which it reports all its actions back to the malware creators, but they never found any files attached to it, which suggests that this trojan is still in testing mode.

Kaspersky added that "uncovering this malware at such an early stage, we will be able to prevent a massive and dangerous attack when the attackers are ready to actively use their methods."

Last updated on 12-06-2017. Published on 12-06-2017.
Published by Mobiles4Sale in category News